Cross site scripting in francoisjacquet/rosariosis


Reported on

May 5th 2022


  1. Login as teacher 2.Create a new assignment at
  2. Add this payload in discription <iframe src=><iframe>
  3. Save this assigment
  4. You will see a prompt


Cross site scripting

We are processing your report and will contact the francoisjacquet/rosariosis team within 24 hours. a year ago
We have contacted a member of the francoisjacquet/rosariosis team and are waiting to hear back a year ago
François Jacquet validated this vulnerability a year ago
Distorted_Hacker has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
François Jacquet marked this as fixed in 8.9.6 with commit 069e30 a year ago
François Jacquet has been awarded the fix bounty
This vulnerability will not receive a CVE
to join this conversation